DTLS close alert processing in 0.9.8g - Openssl

This is a discussion on DTLS close alert processing in 0.9.8g - Openssl ; This is a multipart message in MIME format.
--=_alternative 0066EED685257392_=
Content-Type: text/plain; charset="US-ASCII"
While testing interop of our DTLS implementation with openssl 0.9.8g I
found an issue with openssl client handling the close notify alert from
our server.
After our ...

DTLS close alert processing in 0.9.8g

This is a multipart message in MIME format.
--=_alternative 0066EED685257392_=
Content-Type: text/plain; charset="US-ASCII"

While testing interop of our DTLS implementation with openssl 0.9.8g I
found an issue with openssl client handling the close notify alert from
our server.
After our server responds to the "GET /" it sends a close notify alert to
close the connection.
openssl gets the alert and decrypts it correctly but doesn't process the
alert and enters a state where it is waiting for another record from the
server.
The problem appears to be in the following code in dtls1_read_bytes() in
d1_pkt.c

In my case before "if (dest_maxlen > 0)" I have dest_max_len = 7 and
rr_length = 2.
The "if ( rr->length < dest_maxlen )" causes a "goto start" where another
call to
dtls1_get_record() will take place, which is incorrect because the alert
has not been handled.
I am not sure what is the purpose of the "if ( rr->length < dest_maxlen )"
I can force the code to handle the alert if I if change the code to this:
"if ( rr->length < dest_maxlen && (rr->type != SSL3_RT_ALERT))"
This is just my own hack and may not be the correct action.